[SECURITY] Ensure decoded entities are encoded for HTML again
HTML entities being used in link tags created with `typolink` have to be encoded correctly again after entities have been decoded for internal processing. Resolves: #91161 Releases: master, 9.5 Change-Id: Ifc4d2da669aab01f2b3041bb32c0a24a727634b4 Security-Bulletin: TYPO3-CORE-SA-2020-003 Security-References: CVE-2020-11065 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64467 Tested-by:Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Showing
- typo3/sysext/core/Classes/Utility/GeneralUtility.php 3 additions, 2 deletionstypo3/sysext/core/Classes/Utility/GeneralUtility.php
- typo3/sysext/fluid/Tests/Functional/ViewHelpers/Fixtures/link_typolink_additionalAttributes.html 6 additions, 0 deletions...wHelpers/Fixtures/link_typolink_additionalAttributes.html
- typo3/sysext/fluid/Tests/Functional/ViewHelpers/TypolinkViewHelperTest.php 39 additions, 0 deletions...d/Tests/Functional/ViewHelpers/TypolinkViewHelperTest.php
- typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php 13 additions, 9 deletions.../frontend/Classes/ContentObject/ContentObjectRenderer.php
- typo3/sysext/frontend/Classes/Plugin/AbstractPlugin.php 2 additions, 1 deletiontypo3/sysext/frontend/Classes/Plugin/AbstractPlugin.php
- typo3/sysext/indexed_search/Classes/Indexer.php 2 additions, 1 deletiontypo3/sysext/indexed_search/Classes/Indexer.php
Please register or sign in to comment